EDMdesigner Integration Tutorial #2 - Admin functionalities and server side routes

In the last blog post I covered the very basics of using EDMdesigner’s API. This time I will talk about the topics that make it possible to really integrate EDMdesigner into your system, meaning that there will be a direct association between the users in your database and EDMdesigner users.

One way to do it is to write an initialization script which creates an EDMdesigner user for every user in your database. From then on you should create a user in our system whenever you create a new user in yours: if a user registers in your system, a user should be created in our system as well. To have a one-to-one relationship between the users in your system and in ours, the user name of the EDMdesigner user should be your user’s id, their e-mail address or something else which is unique per API key. The important thing is that, based on the user name you provided to our system, you can find out which user it is in your system.

Another way is to check whether the current user has ever used EDMdesigner and, if not, register that user on the fly. I think this is easier to implement, and the extra check is nothing compared to the ease of implementation.

Since there are actually several ways to implement this, I will focus only on creating users from code and won’t talk about concrete implementations.

The first thing you have to do is to create an “admin token”. This is a special kind of token which is used for admin (or superuser) functionalities: creating, updating and removing users, managing groups, etc. For now I will concentrate only on user creation. The token creation is very similar to what we saw in the last post, but in this case we have to send “admin” as the username to our token generator route. This “admin” user does not exist in our DB (unlike “templater”, which does exist); it is only used to distinguish admin functionalities from normal user functionalities. This also means that you can’t create a user with this name in our system. It is very, very important that you make sure that only your administrators can create an admin token. You have to check in your session that your current user has the rights to use the admin functionalities of our API.

If you use the Javascript API, do it only on administrative interfaces where it is certain that only your admins can use it. If it’s about deeper integration (e.g. when a user registers, you register them in EDMdesigner as well) you should do it on the server side. The Javascript API works with JSONP calls, which have their limitations. From the server side you can call the JSON versions of the routes. There are also some extra routes which you can call from the server side but not with JSONP. These routes are usually dangerous to call from the client side, since the result needs some post-processing. An example is calling our HTML generator without sanitizing. It can be useful when you have some kind of query language and, based on it, you fetch info from your own DB just before sending. If our sanitizer replaced the queries you inserted into the template, you would probably go crazy. This means that you have to take care of sanitizing the final result yourself.

So from the server-side routes we will use the one that creates a new user. Basically you have to POST some data to the following route:

//api.edmdesigner.com/json/user/create?token=<YOUR_ADMIN_TOKEN>

The only required field you have to post is the id, which can be the userId in your system. This way you create a one-to-one association between your users and ours. You will be able to reach this user’s functionalities with the id you gave.

One very useful thing is that you can associate customData with every user (and with every project as well). This way you can customize the way you integrate EDMdesigner into your system even further. You post a customData field when you create the user, and you can read and modify it later.
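The server-side flow described above (admin context check, on-the-fly user creation keyed to your own user id, optional customData) as an added Node.js example; this is not EDMdesigner’s code or its PHP sample. It assumes the create route from this post is reached over https, that `getAdminToken()` is your own wrapper around the token generator route from the previous post (not shown), and that `post(url, body)` is an injected transport so the logic runs without network access.

```javascript
// Added example, not EDMdesigner's own code. Assumed: https scheme for the route on the page,
// a `getAdminToken()` wrapper you implement for the token generator route (sends "admin" as
// the username), and an injected `post(url, body)` transport returning the parsed response.
const CREATE_USER_ROUTE = 'https://api.edmdesigner.com/json/user/create';

// Only your own administrators, or a server-internal path such as the registration hook, may
// use admin functionality. `ctx.serverInternal` is set by your code, never from request input.
function assertAdminContext(ctx) {
  const adminSession = ctx.session && ctx.session.isAdmin === true;
  if (!adminSession && ctx.serverInternal !== true) {
    throw new Error('admin functionality requested outside an administrative context');
  }
}

// Builds the create-user POST. `id` is the only required field and is your own user id, which
// gives the one-to-one mapping; `customData` is optional and can be read and modified later.
function buildCreateUserRequest(adminToken, id, customData) {
  if (typeof adminToken !== 'string' || adminToken === '') throw new Error('admin token missing');
  if (typeof id !== 'string' || id === '') throw new Error('id is required');
  const url = CREATE_USER_ROUTE + '?token=' + encodeURIComponent(adminToken);
  const body = { id };
  if (customData !== undefined) body.customData = customData;
  return { url, body };
}

// The "register on the fly" approach: create the EDMdesigner user the first time one of your
// users needs it. `ctx.db.edmUsers` is a constructed set of ids already created, kept in your DB.
function ensureEdmUser(ctx, user) {
  assertAdminContext(ctx);
  const id = String(user.id);
  if (ctx.db.edmUsers.has(id)) return { created: false, id };
  const adminToken = ctx.getAdminToken(); // minted server side; never returned to the browser
  const { url, body } = buildCreateUserRequest(adminToken, id, { plan: user.plan });
  ctx.post(url, body);                    // throws on failure, so the flag below stays unset
  ctx.db.edmUsers.add(id);
  return { created: true, id };
}

// Constructed stand-in for your session, DB and HTTP client (no real requests are sent).
function demoContext(isAdmin, serverInternal) {
  const sent = [];
  return {
    session: { isAdmin },
    serverInternal,
    db: { edmUsers: new Set() },
    getAdminToken: () => 'ADMIN_TOKEN_PLACEHOLDER',
    post: (url, body) => { sent.push({ url, body }); return { ok: true }; },
    sent,
  };
}
```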

Please check out our PHP example for admin functionalities on GitHub.